Java security flaw fix likely this week

According to a report from Reuters, Oracle is aware of the vulnerability and is working on a fix.

While no timetable was provided, it’s expected Oracle could release a patch this week.

“Oracle is aware of a flaw in Java software integrated with web browsers. The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices. A fix will be available shortly,” Oracle said in a statement to CNET yesterday.

Hackers discovered a weakness in Java version 7 that could allow malicious software to be installed on machines.

The CERT Program has released Vulnerability Note VU#625617 to address a vulnerability in Oracle Java Runtime Environment (JRE) 7 and earlier that is currently being exploited in the wild. This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems.

US-CERT encourages users and administrators to review Vulnerability Note VU#625617. The advisory includes possible workarounds that help mitigate the risk from known attack vectors by disabling Java in web browsers.

Java is used by hundreds of millions of Windows, Mac and Linux machines across the world. It’s common for the government to issue advisories about security threats, but it’s rare that an agency actively warns users to disable a piece of software.